Please report suspected vulnerabilities privately to dev@taostats.io.
Do not open a public GitHub issue for security-sensitive findings. Include the affected contract, a reproduction path, expected impact, and any suggested fix if available.
We will review reports as quickly as possible and coordinate disclosure once a fix or mitigation is ready.